It’s fairly well known across the mobile/MDM industry that Google removed support for resetting an Android 7 device’s passcode/password from within an app that has been granted Device Administrator rights.
But for whatever reason, Google has not documented this change particularly clearly.
So here it is!
For any Android Nougat device, the only way to reset a device password/passcode is to be physically on the device and logged in. This means that no MDM vendor can send a remote password reset request to a device if a user forgets the set password. For any Android 7 device with a forgotten password, the only option is a factory reset.
For Microsoft Intune customers, we documented this new limitation a while ago.
This limitation is true for both Intune on Azure and Configuration Manager Hybrid scenarios, and is a limitation enforced by Google, not Microsoft (or any other MDM vendor). All down-level Android devices (<7) should still have this function available.
And just for further reference, Google has documented this in the Android developer API docs.
The API is resetPassword, and the relevant note is:
Note: This API has been limited as of N for device admins that are not device owner and not profile owner. The password can now only be changed if there is currently no password set. Device owner and profile owner can still do this when user is unlocked and does not have a managed profile.
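How an MDM agent could check the rule in that note before acting on a remote reset request, as an added example (not code from Google, Microsoft or any MDM product). The class `PasscodeResetGate`, its `Outcome` enum and its method names are hypothetical; the Android calls used are `resetPassword`, `isDeviceOwnerApp`, `isProfileOwnerApp` and `KeyguardManager.isDeviceSecure`.

```java
import android.app.KeyguardManager;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.os.Build;

/** Hypothetical MDM-agent helper; class, enum and method names are illustrative. */
public final class PasscodeResetGate {

    public enum Outcome { RESET_DONE, NOT_PERMITTED, FAILED }

    /** The Android 7+ rule from the API note, as a pure function. */
    static boolean resetPermittedOnNougat(boolean ownerApp, boolean passwordSet) {
        // Device owner / profile owner keep the ability; a plain device admin
        // may only set a password when none is currently set.
        return ownerApp || !passwordSet;
    }

    public static Outcome tryReset(Context ctx, String newPassword) {
        DevicePolicyManager dpm =
                (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);

        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
            String pkg = ctx.getPackageName();
            boolean owner = dpm.isDeviceOwnerApp(pkg) || dpm.isProfileOwnerApp(pkg);
            KeyguardManager km =
                    (KeyguardManager) ctx.getSystemService(Context.KEYGUARD_SERVICE);
            // isDeviceSecure(): true when a PIN, pattern or password is set.
            if (!resetPermittedOnNougat(owner, km.isDeviceSecure())) {
                // Report this to the console instead of sending a reset that
                // cannot work; a forgotten passcode then needs a factory reset.
                return Outcome.NOT_PERMITTED;
            }
        }
        try {
            // Owners still need the user unlocked and no managed profile;
            // assumption: a refusal shows up as false or as an exception.
            boolean ok = dpm.resetPassword(newPassword, 0);
            return ok ? Outcome.RESET_DONE : Outcome.FAILED;
        } catch (SecurityException | IllegalStateException e) {
            return Outcome.FAILED;
        }
    }
}
```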
Senior Service Engineer
Enterprise Client and Mobility – Intune